Automation & Tooling

Build your own security tools. Automate the boring stuff. Work smarter.

Tool Architecture

Good security tools follow consistent patterns: clear arguments, helpful output, proper error handling.

#!/bin/bash
# Production-grade security tool template

set -euo pipefail

# Configuration
SCRIPT_NAME=$(basename "$0")
VERSION="1.0.0"
OUTPUT_DIR="./output"

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'

# Logging functions
log_info()  { echo -e "${GREEN}[INFO]${NC} $1"; }
log_warn()  { echo -e "${YELLOW}[WARN]${NC} $1"; }
log_error() { echo -e "${RED}[ERROR]${NC} $1" >&2; }

# Usage function
usage() {
    cat << EOF
Usage: $SCRIPT_NAME [OPTIONS] TARGET

Options:
  -o DIR    Output directory (default: ./output)
  -v        Verbose mode
  -h        Show this help
EOF
    exit 1
}

Argument Parsing

# Parse command line arguments
VERBOSE=false

while getopts "o:vh" opt; do
    case $opt in
        o) OUTPUT_DIR="$OPTARG" ;;
        v) VERBOSE=true ;;
        h) usage ;;
        ?) usage ;;
    esac
done
shift $((OPTIND-1))

# Require target argument
if [[ $# -lt 1 ]]; then
    log_error "Target required"
    usage
fi

TARGET="$1"
log_info "Scanning target: $TARGET"

Example: Quick Recon Tool

#!/bin/bash
# quick-recon.sh - Fast target reconnaissance

set -euo pipefail

TARGET="${1:?Usage: $0 TARGET}"
OUTPUT="recon_$(date +%Y%m%d_%H%M%S)"

mkdir -p "$OUTPUT"

echo "[*] Starting recon on $TARGET"

# DNS lookup
echo "[+] DNS Resolution"
host "$TARGET" > "$OUTPUT/dns.txt" 2>&1 || true

# Port scan (top 100)
echo "[+] Quick port scan"
nmap -F "$TARGET" -oN "$OUTPUT/ports.txt" 2>/dev/null

# HTTP headers
echo "[+] HTTP headers"
curl -sI "http://$TARGET" > "$OUTPUT/http_headers.txt" 2>/dev/null || true
curl -sI "https://$TARGET" > "$OUTPUT/https_headers.txt" 2>/dev/null || true

# robots.txt
echo "[+] Checking robots.txt"
curl -s "http://$TARGET/robots.txt" > "$OUTPUT/robots.txt" 2>/dev/null || true

echo "[*] Results saved to $OUTPUT/"
ls -la "$OUTPUT/"

Output Formatting

Organized Output

Create timestamped directories. Never overwrite previous results.

Multiple Formats

Output text for humans, JSON/CSV for tools. Support both.

Quiet Mode

Allow -q flag for piping output to other tools.

# JSON output function
output_json() {
    local target="$1"
    local ports="$2"
    cat << EOF
{
  "target": "$target",
  "scan_time": "$(date -Iseconds)",
  "open_ports": [$ports]
}
EOF
}

# Usage
output_json "192.168.1.1" "22, 80, 443" > results.json

Parallel Execution

# Scan multiple hosts in parallel
TARGETS=("192.168.1.1" "192.168.1.2" "192.168.1.3")

scan_host() {
    local host="$1"
    nmap -F "$host" -oN "scan_${host}.txt" 2>/dev/null
    echo "[+] Completed: $host"
}

# Export function for parallel
export -f scan_host

# Run 4 scans in parallel
printf '%s\n' "${TARGETS[@]}" | xargs -P 4 -I {} bash -c 'scan_host "$@"' _ {}

echo "[*] All scans complete"

Tool Workshop

Build a production-grade security tool from scratch. Your tool must include proper structure, logging, argument parsing, and formatted output.

Add shebang and safety options (set -euo pipefail)
Create colored logging functions (log_info, log_error)
Implement a usage/help function
Add argument parsing with getopts
Include output formatting (JSON or timestamped directory)

my-security-tool.sh Ctrl+Enter to validate

Validation Results 0/5 checks

Click "Validate Tool" to check your script... Your tool should include: • #!/bin/bash shebang • set -euo pipefail for safety • Color variables (RED, GREEN, etc.) • log_info() and log_error() functions • usage() function with heredoc • getopts for argument parsing • Output to file or JSON format

Tool Workshop Complete!

Your security tool follows all production-grade best practices. You're ready to build real-world automation!

Ready to Test Your Skills?

Take the Quiz → Back to Script House

Completing CLH-013 to CLH-015 earns: CLI Architect